Abstract
Shredder programs attempt to overcome Window’s inherent inability to erase data completely. A shredder is useful when one needs to transfer ownership or dispose of a computer, but it can be exploited by a suspect for the purpose of wiping incriminating evidence. Most shredder programs claim to remove all traces of data. This paper examines these claims by conducting forensic examinations of computers on which shredder programs were used.
Chapter PDF
References
AccessData, FTK Imager, Lindon, Utah (www.accessdata.com).
AccessData, Registry quick find chart, Lindon, Utah (www.accessdata.com).
AccessData, Registry Viewer, Lindon, Utah (www.accessdata.com).
AccessData, Ultimate Toolkit, Lindon, Utah (www.accessdata.com).
H. Berghel, and D. Hoelzer, Digital village: Disk wiping by any other name, Communications of the ACM, vol. 49(8), pp. 17-21, 2006.
H. Carvey, Windows Forensics and Incident Recovery, AddisonWesley, Boston, Massachusetts, 2004.
eMule.org, eMule (www.emule-project.net).
G. Francia and K. Clinton, Computer forensics laboratory and tools, Journal of Computing Sciences in Colleges, vol. 20(6), pp. 143-150, 2005.
S. Garfinkel and A. Shelat, Remembrance of data passed: A study of disk sanitization practices, IEEE Security and Privacy, vol. 1(1), pp. 17-27, 2003.
W. Harrison, D. Aucsmith, G. Heuston, S. Mocas, M. Morrissey and S. Russelle, A lessons learned repository for computer forensics, International Journal of Digital Evidence, vol. 1(3), 2002.
N. Joukov, H. Papaxenopoulos and E. Zadok, Secure deletion myths, issues and solutions, Proceedings of the Second ACM Workshop on Storage Security and Survivability, pp. 61-66, 2006.
Microsoft Help and Support, Windows Registry information for ad- vanced users, Microsoft Corporation, Redmond, Washington (support.microsoft.com/kb/256986).
Piriform, CCleaner (www.ccleaner.com).
Right Utilities, Registry Washer (www.rightutilities.com).
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Velupillai, H., Mokhonoana, P. (2008). Evaluation of Registry Data Removal by Shredder Programs. In: Ray, I., Shenoi, S. (eds) Advances in Digital Forensics IV. DigitalForensics 2008. IFIP — The International Federation for Information Processing, vol 285. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-84927-0_5
Download citation
DOI: https://doi.org/10.1007/978-0-387-84927-0_5
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-84926-3
Online ISBN: 978-0-387-84927-0
eBook Packages: Computer ScienceComputer Science (R0)